Nasty one.

[Syl]

Greetings!

Just to report a virus. Dunno what happen, why my kaspersky didn't stop it from that page: hxxps://telecharger-jeux24.fr/horizon-zero-dawn-telecharger-version-complete-pc/ As it is stopped now. Downloaded it, dunno where, had to subscribe between some options in order to get the activation key. Classical. Closed it, but the damage was done. All my browsers were unusable, and the pc slowed. Tried to restore it two days back, but it didn't worked, though everything seems fine at present. Malwarebyte and roguekiller didn't find it.

By the way had to create a third account, as my session was timed out...

Cheers roguekillers!

[Curson]

Hi Syl,

This is a known bug with Simple Machines forum software.
What are your other accounts ? Could you please try logging in with another browser ?

Do you want to check your system for malware ?
By the way, for security reasons, I edited your message to desactivate the link.

Regards.

[Syl]

Hi,
A bug? blocking my browsers and slowing my pc? There was no forum eh, only a download page, the boasting of the best hacker in france, and then the subscriptions for the activation key. Silly me, but I risked it to test that game (there are too less demos with games, and you're quickly trapped into buying something that you'll regret).

My others accounts are Johyn and ajohin if I remember well. Every time that I try to log in, I cannot because of that timed out session, and that on chrome and firefox (eh, that works now). I have to register with my twitter account, but it works fine with explorer.

New check from roguekiller, with new version, and it found that threat: [4492] svchost.exe, C:\Windows\Systeme32\svchost.exe The 10 hours of kaspersky analysis didn't find it. A bit worrying as it didn't warned me when entering the site, nor protected me from that bug. I'm on my trial to buy it, and wondering. You never thought about making your own internet security software? Roguekiller as a warder, that would feel secure on the net eh.

Cheers!

[Curson]

Hi Syl,

A bug? blocking my browsers and slowing my pc? There was no forum eh, only a download page[...]

I was talking about our forum here, at forum.adlice.com.

ew check from roguekiller, with new version, and it found that threat: [4492] svchost.exe, C:\Windows\Systeme32\svchost.exe

Could you please attach RogueKiller JSON report with your next reply ?

Regards.

[Syl]

Here it is. The log in is working now.

[Curson]

Hi Syl,

Thanks for your feedback.
This is a false positive. We will fix this as soon as possible.

Regards.

[Syl]

Thxs, but then, we can never be sure that virus are really eliminated, without that json check?

[Curson]

Hi Syl,

You do.
Please check the scan reports, if an entry is flagged as "Removed" or "Replaced", that usually means the threat has been eliminated.

Regards.

[Syl]

Hi,
I see, and for my threat then?

[Curson]

Hi Syl,

Usually, the process is first killed (processes module), then deleted (files module). In your case, the svchost process is killed ("Tué(e) [TermThr]") but the file itself is left alone. The simplitec directory is part of Windows and cannot be removed ("ERROR [3]").

Regards.

[Syl]

Hi,

thxs for your time and help.

Regards.

[Curson]

Hi Syl,

You are welcome.

Regards.